US 11,057,393 B2
Microservice architecture for identity and access management
Nathanael Coffing, Seattle, WA (US)
Assigned to Cloudentity, Inc., Seattle, WA (US)
Filed by Cloudentity, Inc., Seattle, WA (US)
Filed on Jul. 31, 2018, as Appl. No. 16/51,114.
Claims priority of provisional application 62/638,009, filed on Mar. 2, 2018.
Claims priority of provisional application 62/643,468, filed on Mar. 15, 2018.
Claims priority of provisional application 62/652,299, filed on Apr. 3, 2018.
Prior Publication US 2019/0273746 A1, Sep. 5, 2019
Int. Cl. H04L 29/06 (2006.01); H04L 29/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 63/105 (2013.01) [H04L 9/3213 (2013.01); H04L 63/0807 (2013.01); H04L 63/20 (2013.01); H04L 67/32 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A system for identity and access management, the system comprising:
a plurality of interconnected microservices;
a plurality of microgateway sidecars, each of the microgateway sidecars associated with one of the microservices, wherein one of the microgateway sidecars manages access to the associated microservice by:
intercepting a request for the associated microservice sent over a communication network from a user device, wherein the request includes data regarding a user context of the request and an enriched token, wherein the token is enriched based on the user context data associated with profile information of a user of the user device,
signing the enriched token using a private key associated with at least one other microservice, and
sending the signed token to the at least one other microservice, wherein the at least one other microservice verifies that the token is valid and from the associated microservice based on the signature by the microgateway sidecar; and
an authorization engine that:
accesses a database of security policies for each of the microservices,
generates a risk profile for the request based on the user context data of the request and one or more of the security policies in the database, and
selects one of a plurality of available security workflows based on the risk profile, wherein the selected security workflow includes sending one or more verification communications to the user device.
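The claim describes two cooperating pieces: a sidecar that enriches an incoming token with user-context data, signs it with a key tied to the destination microservice and forwards it for verification, and an authorization engine that scores the request against per-microservice policies and picks a workflow that may involve a verification message to the user's device. The following Python program is an added illustration of that flow and is not the patent's or Cloudentity's code. Everything in it is constructed: the user profile, the per-service secrets, the policy thresholds and the risk weights are sample values, and the claim's "private key associated with at least one other microservice" is modelled as an HMAC secret shared between the sidecar and that destination service so the destination can check the signature.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample data (not from the patent).
# Assumption: the per-destination "private key" is a symmetric HMAC secret
# shared between the sidecar and that destination service.
DEST_KEYS = {
    "orders-svc": b"constructed-orders-secret",
    "billing-svc": b"constructed-billing-secret",
}
USER_PROFILES = {"alice": {"role": "analyst", "home_country": "US"}}
# Per-microservice policy: risk below allow_below passes silently, risk from
# allow_below up to deny_at triggers step-up, anything higher is denied.
POLICIES = {
    "orders-svc": {"allow_below": 30, "deny_at": 80},
    "billing-svc": {"allow_below": 20, "deny_at": 60},
}
# Available workflows and the verification messages each sends to the user device.
WORKFLOWS = {"allow": [], "step_up": ["otp_sms", "push_approval"], "deny": ["account_alert"]}


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def enrich_token(token: dict, context: dict) -> dict:
    """Sidecar: attach request context and profile-derived facts to the token."""
    profile = USER_PROFILES.get(token["sub"], {})
    enriched = dict(token)
    enriched["role"] = profile.get("role")
    enriched["ctx"] = {
        "ip_country": context.get("ip_country"),
        "device_trusted": bool(context.get("device_trusted", False)),
        "hour": context.get("hour"),
        "new_location": context.get("ip_country") != profile.get("home_country"),
    }
    return enriched


def sign_token(enriched: dict, dest: str) -> str:
    """Sidecar: bind the enriched token to one destination using that destination's key."""
    payload = _b64u(json.dumps(enriched, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(DEST_KEYS[dest], payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64u(sig)}"


def verify_token(signed: str, dest: str) -> Optional[dict]:
    """Receiving microservice: accept only tokens signed under its own key."""
    payload, _, sig = signed.rpartition(".")
    expected = hmac.new(DEST_KEYS[dest], payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64u(expected), sig):
        return None  # wrong destination key or tampered payload
    return json.loads(_unb64u(payload))


def risk_score(ctx: dict) -> int:
    """Authorization engine: additive risk derived from the user-context data."""
    score = 0
    if ctx["new_location"]:
        score += 30  # request from a country other than the profile's home country
    if not ctx["device_trusted"]:
        score += 25  # unknown or unmanaged device
    if ctx["hour"] is not None and not 7 <= ctx["hour"] <= 20:
        score += 15  # outside normal working hours
    return score


def select_workflow(enriched: dict, dest: str) -> tuple:
    """Authorization engine: map the risk profile onto the destination's policy."""
    policy = POLICIES[dest]
    score = risk_score(enriched["ctx"])
    if score < policy["allow_below"]:
        return "allow", score
    if score < policy["deny_at"]:
        return "step_up", score
    return "deny", score


def handle_request(dest: str, token: dict, context: dict) -> dict:
    """Sidecar flow for one intercepted request: enrich, score, sign if permitted."""
    enriched = enrich_token(token, context)
    workflow, score = select_workflow(enriched, dest)
    result = {"workflow": workflow, "risk": score, "verifications": WORKFLOWS[workflow]}
    if workflow != "deny":
        result["signed_token"] = sign_token(enriched, dest)
    return result
```

Calling `handle_request("orders-svc", {"sub": "alice"}, {"ip_country": "DE", "device_trusted": False, "hour": 2})` yields a risk of 70, which the orders policy maps to the step-up workflow with two verification messages, while the same request to `billing-svc` exceeds that service's `deny_at` threshold. Because the signature is computed under the destination's own key, `verify_token` rejects the orders token when `billing-svc` tries to accept it, and rejects any edit to the enriched payload.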